Requirements for handling data depend on characteristics of the data. For example, data that is public and of high importance may be archived in a way that places it at the disposal of the public, and simultaneously ensures its permanence for indefinite retention. For example, microfilm and acid-free paper are technologies that are capable of retaining information for several centuries, while allowing repeated access to the information. Examples of public high-importance data include correspondence of heads of state and archives of major newspapers.
Data that is public but only of transient relevance may be stored in a way that ensures access by the public, but need not ensure permanent retention. For example, information on traffic conditions on roads may be relevant while the conditions last, but irrelevant afterwards. Such data may be stored on a world wide web, WWW, page, for example, where it may be accessed by users and later on replaced with more up-to-date data, which may be automatically generated, for example.
On the other hand, private or secret data needs to be stored in a way that restricts access. Restrictions in access may take the form of physical restrictions or procedural restrictions. Physical restrictions include storing the private or secret data in sites which are not open to the public, such as, for example, in an underground bank datacentre. Procedural restrictions include use of encryption, wherein a user may encrypt his data before storing it in a cloud service, for example.
In handling private or secret data using computer programs, programming errors may inadvertently compromise the intended level of privacy or secrecy. To ensure computer programs intended to handle such data types operate in a correct way, the programs may be tested extensively, and their source codes and/or requirement specifications may be reviewed. Such reviews may be performed by peers in an organization that develops computer programs. Alternatively or additionally, such reviews may be performed by members of the general public where the computer programs are open-source.
It has been known to occur that despite testing, programming errors may persist in computer programs that are released into use. Patching up such errors may involve a continuous effort and patches need to be released as soon as possible after a privacy-compromising error has been discovered to prevent malicious parties from using the error. An example of a privacy-compromising programming error was the “Heartbleed bug” discovered in the OpenSSL cryptography library in 2014.